[packagekit] SELinux issues
david at fubar.dk
Thu Oct 11 16:08:44 PDT 2007
On Fri, 2007-10-12 at 00:31 +0200, Matej Cepl wrote:
> I don't know how much do you want to get involved with SELinux in
> this early stage of the development,
The thing is that SELinux needs to allow
to transition to the security context that the process it is launching
is should run in (usually unconfined_t or similar). So it's really a
SELinux bug in the policy for D-Bus; anything activated by the system
message bus will suffer from this.
(FWIW, I've told Dan Walsh already; I should probably file a bug too.)
Only when the above is in place, it makes sense to start confining the
PackageKit mechanism itself.
More information about the PackageKit